Ref/docs 2.0 (#112)

Moritz Eckert 2022-09-09 17:01:57 +02:00 committed by GitHub
parent 2529323910
commit 15592e8f3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
58 changed files with 629 additions and 472 deletions

@ -0,0 +1,350 @@
<!-- This file is generated by constellation/hack/clidocgen via update-cli-reference.yml workflow. Don't edit manually. -->
# CLI reference
Use the Constellation CLI to create and manage your clusters.
Usage:
```
constellation [command]
```
Commands:
* [config](#constellation-config): Work with the Constellation configuration file
* [generate](#constellation-config-generate): Generate a default configuration file
* [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image
* [instance-types](#constellation-config-instance-types): Prints the supported instance types for all cloud providers
* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster
* [init](#constellation-init): Initialize the Constellation cluster
* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster
* [recover](#constellation-recover): Recover a completely stopped Constellation cluster
* [terminate](#constellation-terminate): Terminate a Constellation cluster
* [upgrade](#constellation-upgrade): Plan and perform an upgrade of a Constellation cluster
* [execute](#constellation-upgrade-execute): Execute an upgrade of a Constellation cluster
* [plan](#constellation-upgrade-plan): Plan an upgrade of a Constellation cluster
* [version](#constellation-version): Display version of this CLI
## constellation config
Work with the Constellation configuration file
### Synopsis
Generate a configuration file for Constellation.
### Options
```
-h, --help help for config
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation config generate
Generate a default configuration file
### Synopsis
Generate a default configuration file for your selected cloud provider.
```
constellation config generate {aws|azure|gcp} [flags]
```
### Options
```
-f, --file string path to output file, or '-' for stdout (default "constellation-conf.yaml")
-h, --help help for generate
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation config fetch-measurements
Fetch measurements for configured cloud provider and image
### Synopsis
Fetch measurements for configured cloud provider and image. A config needs to be generated first!
```
constellation config fetch-measurements [flags]
```
### Options
```
-h, --help help for fetch-measurements
-s, --signature-url string alternative URL to fetch measurements' signature from
-u, --url string alternative URL to fetch measurements from
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation config instance-types
Prints the supported instance types for all cloud providers
### Synopsis
Prints the supported instance types for all cloud providers.
```
constellation config instance-types [flags]
```
### Options
```
-h, --help help for instance-types
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation create
Create instances on a cloud platform for your Constellation cluster
### Synopsis
Create instances on a cloud platform for your Constellation cluster.
```
constellation create [flags]
```
### Options
```
-c, --control-plane-nodes int number of control-plane nodes (required)
-h, --help help for create
--name string create the cluster with the specified name (default "constell")
-w, --worker-nodes int number of worker nodes (required)
-y, --yes create the cluster without further confirmation
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation init
Initialize the Constellation cluster
### Synopsis
Initialize the Constellation cluster. Start your confidential Kubernetes.
```
constellation init [flags]
```
### Options
```
--autoscale enable Kubernetes cluster-autoscaler
--endpoint string endpoint of the bootstrapper, passed as HOST[:PORT]
-h, --help help for init
--master-secret string path to base64-encoded master secret
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation verify
Verify the confidential properties of a Constellation cluster
### Synopsis
Verify the confidential properties of a Constellation cluster.
If arguments aren't specified, values are read from `constellation-id.json`.
```
constellation verify [flags]
```
### Options
```
--cluster-id string verify using Constellation's cluster identifier
-h, --help help for verify
-e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT]
--owner-id string verify using the owner identity derived from the master secret
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation recover
Recover a completely stopped Constellation cluster
### Synopsis
Recover a Constellation cluster by sending a recovery key to an instance in the boot stage.
This is only required if instances restart without other instances available for bootstrapping.
```
constellation recover [flags]
```
### Options
```
-e, --endpoint string endpoint of the instance, passed as HOST[:PORT] (required)
-h, --help help for recover
--master-secret string path to master secret file (default "constellation-mastersecret.json")
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation terminate
Terminate a Constellation cluster
### Synopsis
Terminate a Constellation cluster. The cluster can't be started again, and all persistent storage will be lost.
```
constellation terminate [flags]
```
### Options
```
-h, --help help for terminate
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation upgrade
Plan and perform an upgrade of a Constellation cluster
### Synopsis
Plan and perform an upgrade of a Constellation cluster.
### Options
```
-h, --help help for upgrade
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation upgrade execute
Execute an upgrade of a Constellation cluster
### Synopsis
Execute an upgrade of a Constellation cluster by applying the chosen configuration.
```
constellation upgrade execute [flags]
```
### Options
```
-h, --help help for execute
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation upgrade plan
Plan an upgrade of a Constellation cluster
### Synopsis
Plan an upgrade of a Constellation cluster by fetching compatible image versions and their measurements.
```
constellation upgrade plan [flags]
```
### Options
```
-f, --file string path to output file, or '-' for stdout, leave empty for interactive mode
-h, --help help for plan
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
## constellation version
Display version of this CLI
### Synopsis
Display version of this CLI.
```
constellation version [flags]
```
### Options
```
-h, --help help for version
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
```
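Review bot: The two `--master-secret` flags are documented inconsistently: under `constellation init` the help reads "path to base64-encoded master secret" with no default, while under `constellation recover` it reads "path to master secret file (default "constellation-mastersecret.json")". A reader can't tell from this whether `recover` expects the same file that `init` worked with or a different format, so align the wording and state the expected file format and default in both places. Separately, the `constellation config` synopsis says "Generate a configuration file for Constellation.", which describes only the `generate` subcommand and not `fetch-measurements` or `instance-types`. Because the header comment says this file is generated by clidocgen, both fixes belong in the command help strings rather than in this file.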

@ -0,0 +1,69 @@
# Configuration file
Constellation CLI reads all configuration options from `constellation-conf.yaml`.
> The Constellation CLI can generate a default configuration file. This should be the preferred way, so that the configuration matches the used CLI version.
A sample configuration for a Constellation cluster on Azure looks like this:
```yaml
version: v1 # Schema version of this configuration file.
autoscalingNodeGroupMin: 1 # Minimum number of worker nodes in autoscaling group.
autoscalingNodeGroupMax: 10 # Maximum number of worker nodes in autoscaling group.
stateDiskSizeGB: 30 # Size (in GB) of a node's disk to store the non-volatile state.
# Ingress firewall rules for node network.
ingressFirewall:
- name: bootstrapper # Name of rule.
description: bootstrapper default port # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 9000 # Start port of a range.
toport: 0 # End port of a range, or 0 if a single port is given by fromport.
- name: ssh # Name of rule.
description: SSH # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 22 # Start port of a range.
toport: 0 # End port of a range, or 0 if a single port is given by fromport.
- name: nodeport # Name of rule.
description: NodePort # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 30000 # Start port of a range.
toport: 32767 # End port of a range, or 0 if a single port is given by fromport.
- name: kubernetes # Name of rule.
description: Kubernetes # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 6443 # Start port of a range.
toport: 0 # End port of a range, or 0 if a single port is given by fromport.
# Supported cloud providers and their specific configurations.
provider:
# Configuration for Azure as provider.
azure:
subscription: "" # Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
tenant: "" # Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
location: "" # Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
image: /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos/versions/0.0.1659453699 # Machine image used to create Constellation nodes.
stateDiskType: StandardSSD_LRS # Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
# Expected confidential VM measurements.
measurements:
11: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
12: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
userAssignedIdentity: "" # Authorize spawned VMs to access Azure API.
kubernetesVersion: "1.24" # Kubernetes version installed in the cluster.
# # Egress firewall rules for node network.
# egressFirewall:
# - name: rule#1 # Name of rule.
# description: the first rule # Description for rule.
# protocol: tcp # Protocol, such as 'udp' or 'tcp'.
# iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
# fromport: 443 # Start port of a range.
# toport: 443 # End port of a range, or 0 if a single port is given by fromport.
# # Create SSH users on Constellation nodes.
# sshUsers:
# - username: Alice # Username of new SSH user.
# publicKey: ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com # Public key of new SSH user.
```
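Review bot: Every rule in the sample `ingressFirewall` uses `iprange: 0.0.0.0/0`, including `ssh` on port 22, `bootstrapper` on port 9000 and `kubernetes` on port 6443, and nothing on the page tells the reader these ranges can or should be narrowed. Since this sample is what people will copy, add a sentence after the block saying that `iprange` should be restricted to the operator's own networks where possible, in particular for the `ssh` rule. The `measurements` entries for 11 and 12 are also shown with the same `AAAA...` value and no remark; say whether these are placeholders and point to `constellation config fetch-measurements` from the CLI reference for obtaining the expected values.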